Artem-Diverta

**Name of the Vulnerable Software and Affected Versions** SimpleSAMLphp versions prior to 1.14.10 simplesamlphp/saml2 library versions prior to 1.9.1 simplesamlphp/saml2 library 1.10.x versions prior to 1.10.3 simplesamlphp/saml2 library 2.x versions prior to 2.3.3 **Description** The issue allows remote attackers to spoof SAML responses or possibly cause a denial of service by leveraging improper conversion of return values to boolean in the `validateSignature` method. This method is part of the SAML2Utils class in SimpleSAMLphp and the simplesamlphp/saml2 library. **Recommendations** For SimpleSAMLphp versions prior to 1.14.10, update to version 1.14.10 or later. For simplesamlphp/saml2 library versions prior to 1.9.1, update to version 1.9.1 or later. For simplesamlphp/saml2 library 1.10.x versions prior to 1.10.3, update to version 1.10.3 or later. For simplesamlphp/saml2 library 2.x versions prior to 2.3.3, update to version 2.3.3 or later. As a temporary workaround, consider disabling the `validateSignature` method until a patch is available.